A generic learning simulation framework to assess security strategies in cyber-physical production systems

Abstract

Connected systems through computerized networks are at the heart of the Industry of the future. As they merge physical entities with cyber spaces, they fall under the paradigm of cyber-physical production systems. Cybersecurity is a key challenge for such systems, as they are subject to daily attempts of intruders to gain unauthorized access to their internal resources or to compromise their integrity. The fast increase of new attack strategies requires the rapid design and assessment of new defense strategies. It entails a complex, error-prone and time-consuming process, including the clear specification of the attack and defense strategies involved, and the design and implementation of the simulation model allowing to evaluate the performances of the defense strategy. This work intends to make such a process transparent to cybersecurity managers by limiting their workload to the sole specification of the characteristics of the system and the logic of the attack and the defense. It provides a generic hybrid simulation framework for flexible evaluation of cybersecurity policies, which is demonstrated on a SYN flooding application. Therefore, the contribution is twofold: (1) The proposed framework offers a high-level environment allowing various experts to collaborate by graphically modeling a given attack strategy and the envisioned defense strategy, without engaging in heavy implementation efforts. Then the framework's executable infrastructure, which combines simulation with machine learning to understanding the interactions between the attackers & the defender, will allow them assessing the performances of these strategies. The proposed framework differs from state-of-the-art cybersecurity simulation environments in its uniqueness to combining the expressive power of a universal simulation modeling formalism with the user-friendliness of a visual simulation tool. Therefore, it offers at one side, a very high modeling flexibility for easy exploration of various cybersecurity strategies, and at the other side, integrated learning capabilities for allowing self-adaptive user-based cybersecurity strategy design. (2) The application demonstrating the framework focuses on the most encountered and still uncontrolled threats in cybersecurity, i.e. the SYN-Flooding based Denial of Service (DoS) attack. The application targeted is not meant to propose yet another SYN flood detection algorithm or to improve the state-of-the-art in that domain, but to prove the framework operationality. The experimental results obtained showcase the ability of the framework to support learning simulation-based SYN flood defense algorithm design and validation.